CHICAGO -- Mobile applications have long lacked enterprise security measures, but Ping Identity is hoping to change that trend by embedding multifactor authentication security features in the apps.
At the 2017 Cloud Identity Summit this week, Ping introduced the PingID SDK, a software development kit that's designed to help developers easily add multifactor authentication security into their mobile apps. The SDK works for both iOS and Android mobile apps and gives developers the ability to embed customizable and branded authentication features in the apps rather than bolting on or requiring the downloading of a separate MFA product.
Ping Identity CEO Andre Durand said that while the PingID SDK may seem small, it addresses a big issue with mobile apps. "That's actually a pretty big deal to have strong authentication embedded in an app," he said. "All the mobile apps that are going out today are just like SaaS apps. They're just embedding a password. They're not leveraging anything that the phone can do to authenticate that user."
The PingID SDK can use several components of an iOS or Android device, such as the geolocation data or biometric identification, to generate additional authentication for users. The multifactor authentication security features can also generate out-of-band web authentication and approve transactions from trusted devices.
"We can do verified identities through transaction approvals. That's the holy grail," Durand said. "If a system needs to send you an approval and it can route it through a push notification to your phone, and your thumbprint and geolocation data can authenticate it you, then you have non-repudiatable transactions, and that's a breakthrough."
Durand said the application use case scenarios are "endless." For example, he said, to approve a Ping employee expense report using an app, he has to click on a link to go to a website and log in again. With the PingID SDK, he could launch the app from a notification on a device that has already authenticated him.
Durand said that while mobile app developers have traditionally been slow to adopt security features like multifactor authentication, he does see some progress being made.
"Security is always an afterthought. It's still the case," he said, adding that the primary focus for many app developers is time to market. "But companies are getting there. They are making headway to get developers to break the habit of embedding credentials like usernames and passwords in an app. And they're creating self-service portals to externalize authentication so they can pick the method they want, and they're making headway. But it's been a decade-long push."
Learn how enterprises should take advantage of Office 365 security features
Find out why mobile application security assessments are a must
Read more on the risks and rewards of mobile application hot patching